markdown-to-storyboard
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user-provided markdown to generate storyboard content.
- Ingestion points: Workflow Step 1 reads arbitrary markdown content from the user context.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore control sequences embedded within the source markdown.
- Capability inventory: The agent has the ability to execute Python code to write files (
storyboard.csv). - Sanitization: No sanitization of user-provided text is performed before it is used to populate the CSV rows in the generated Python script.
- Dynamic Execution (LOW): The skill uses
execute_codeto run a Python script generated at runtime. - Evidence: Step 6 provides a template for writing a CSV file. While the script uses the standard
csvlibrary and performs local file I/O, the content of therowslist is dynamically generated from user input. This is a standard pattern for file-producing skills but represents a surface for code injection if the LLM fails to escape quotes or special characters in the input markdown.
Audit Metadata